Bug #16726
Updated by Peter Amstutz over 3 years ago
When using a federation, it's possible to use the anonymous user of one cluster to access another cluster (for example, it does a lookup by PDH across the federation on behalf of the anonymous user). cluster. This works but is confusing because it results in two or more "anonymous" users appearing in the user list, belonging to different clusters. Possible fixes: # Hide the foreign anonymous user from the user list # Notice when the user uuid ends in "-tpzed-anonymouspublic" and associate it with the local anonymous user instead of creating a new account # When making a federated request as the anonymous user, substitute the other cluster's published anonymous user token. There's a similar issue with the system user (root). System users should probably not federate at all. There's also more general UX problem of user accounts from different clusters having the same name and appearing in the user list, which is confusing.